Businesses are putting their reputations at risk by failing to monitor the contents of outgoing e-mails for inappropriate or commercially confidential material, according to a Department of Trade & Industry study.
The DTI Information Security Breaches Survey 2006 revealed that although 90% of firms rate their reputation as one of the most important drivers for information security, only 17% have systems in place to check outgoing e-mails.
The failure is leaving firms open to theft of confidential information and to both deliberate and accidental abuse of e-mail systems. This could damage a company's reputation or put it at risk of legal action, said Chris Potter, partner at PricewaterhouseCoopers, which conducted the survey.
"Given how important reputation is to business, it is surprising that five-sixths do not scan outgoing e-mail for inappropriate content," he said.
In one case an employee e-mailed the firm's entire customer database to a competitor. In another case, a manufacturer e-mailed confidential information about a customer to another customer with a similar name, the survey revealed.
The number of firms that scan incoming e-mail for viruses and spam has increased to more than 90%, the survey of 1,000 companies found.
But few take steps to protect confidential information sent by e-mail, with only 25% of firms using encrypted e-mail to share information with business partners.
Only 20% have procedures in place to gather digital evidence to a standard that would be acceptable in a court of law, if security breaches occurred.
Businesses are also putting themselves at risk of data protection breaches by failing to block employee access to online contact management systems that store personal data on external servers.
On the positive side, over the past two years, the proportion of firms with acceptable use policies for e-mail and web has risen from 43% to 63%, rising to 89% for large businesses. Seventy-five per cent of firms now insist their staff sign policies before allowing them access to the internet.
Full results of the survey will be launched at Infosecurity Europe in London on 25-27 April.
The internal risk
Staff misusing the internet, by visiting inappropriate websites or excessive web surfing, is the largest security problem for businesses after viruses, the DTI Information Security Breaches Survey 2006 revealed.
Nearly 20% of businesses reported staff misuse of the web and 11% e-mail misuse. But for large companies web misuse rose to 52% and e-mail misuse to 43%.
About 40% of the worst incidents involved staff accessing inappropriate websites and 36% involved excessive web surfing.